MEDIUM
Source
CloudSploit
ID
nat-multiple-az

NAT Multiple AZ

Ensures managed NAT instances exist in at least 2 AZs for availability purposes

Creating NAT instances in a single AZ creates a single point of failure for all systems in the VPC. All managed NAT instances should be created in multiple AZs to ensure proper failover.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for VPC.

  3. Scroll down the left navigation panel and choose “Your VPCs”. Select the VPC that needs to be verified.

  4. Scroll down the left navigation panel and choose “NAT Gateways”. If there is only a single “NAT Gateway”, then all the “EC2 Instances” within the private subnets will share the same gateway.

  5. On the “Details” tab under the “NAT Gateway”, click on the subnet ID link next to the “Subnet” attribute to verify where the selected NAT gateway was created.

  6. Check the “Availability Zone” to verify where the selected “NAT Gateway” subnets are located.

  7. Repeat steps number 2 - 6 to verify “Availability Zone” for other “NAT Gateways” in the selected AWS region.

  8. Navigate to the “VPC Dashboard” and click on “NAT Gateways” under “Virtual Private Cloud” on the left navigation panel.

  9. Click on the “Create NAT Gateway” button at the top panel to create a new “NAT Gateway” in a different “Availability Zone”.

  10. On the “Create NAT Gateway” page, select the “Subnet” from the dropdown menu, select the connection type and click on the “Allocate Elastic IP” button to assign a new Elastic IP to the “NAT Gateway”.

  11. Click on the “Create a NAT Gateway” button at the bottom to create the new “NAT Gateway”.

  12. On successful creation of the “NAT Gateway”, the following message is shown: “Your NAT gateway has been created”.

  13. Repeat steps number 8 - 12 to create a “NAT Gateway” in a different “Availability Zone”.
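The verification in steps 4 to 7, as an added example rather than CloudSploit's own plugin code: it runs the check over constructed records shaped like the EC2 DescribeNatGateways and DescribeSubnets responses (the field names follow those APIs; the VPC, subnet, gateway IDs and AZ names are made up) and flags a VPC whose available NAT gateways sit in fewer than two AZs, including the case where two gateways share one AZ.

```javascript
// Constructed sample records shaped like the EC2 DescribeNatGateways and
// DescribeSubnets responses (not real AWS output). Gather one set per region,
// since NAT gateways and AZs are regional resources (hence step 7).
const natGateways = [
  { NatGatewayId: 'nat-a1', VpcId: 'vpc-a', SubnetId: 'subnet-a1', State: 'available' },
  { NatGatewayId: 'nat-a2', VpcId: 'vpc-a', SubnetId: 'subnet-a2', State: 'available' },
  { NatGatewayId: 'nat-b1', VpcId: 'vpc-b', SubnetId: 'subnet-b1', State: 'available' },
  { NatGatewayId: 'nat-b2', VpcId: 'vpc-b', SubnetId: 'subnet-b2', State: 'deleted' },
  { NatGatewayId: 'nat-c1', VpcId: 'vpc-c', SubnetId: 'subnet-c1', State: 'available' },
  { NatGatewayId: 'nat-c2', VpcId: 'vpc-c', SubnetId: 'subnet-c2', State: 'available' },
];
const subnets = [
  { SubnetId: 'subnet-a1', VpcId: 'vpc-a', AvailabilityZone: 'us-east-1a' },
  { SubnetId: 'subnet-a2', VpcId: 'vpc-a', AvailabilityZone: 'us-east-1a' },
  { SubnetId: 'subnet-b1', VpcId: 'vpc-b', AvailabilityZone: 'us-east-1a' },
  { SubnetId: 'subnet-b2', VpcId: 'vpc-b', AvailabilityZone: 'us-east-1b' },
  { SubnetId: 'subnet-c1', VpcId: 'vpc-c', AvailabilityZone: 'us-east-1a' },
  { SubnetId: 'subnet-c2', VpcId: 'vpc-c', AvailabilityZone: 'us-east-1b' },
];

// Map each VPC to the set of AZs that hold an *available* NAT gateway.
// A gateway in any other state (pending, failed, deleting, deleted) cannot
// carry traffic, so it does not count towards failover coverage.
function natAzsByVpc(nats, subs) {
  const azOfSubnet = new Map(subs.map((s) => [s.SubnetId, s.AvailabilityZone]));
  const azs = new Map();
  for (const nat of nats) {
    if (nat.State !== 'available') continue;
    const az = azOfSubnet.get(nat.SubnetId);
    if (!az) continue; // subnet missing from the listing: cannot place it, so ignore
    if (!azs.has(nat.VpcId)) azs.set(nat.VpcId, new Set());
    azs.get(nat.VpcId).add(az);
  }
  return azs;
}

// PASS when a VPC's NAT gateways span at least minAzs distinct AZs, FAIL when
// they sit in fewer, NO_NAT when the VPC has no available gateway at all
// (a VPC without private subnets may legitimately need none).
function evaluate(nats, subs, vpcIds, minAzs = 2) {
  const coverage = natAzsByVpc(nats, subs);
  return vpcIds.map((vpcId) => {
    const azs = [...(coverage.get(vpcId) || [])].sort();
    const status = azs.length === 0 ? 'NO_NAT' : azs.length >= minAzs ? 'PASS' : 'FAIL';
    return { vpcId, azs, status };
  });
}

for (const r of evaluate(natGateways, subnets, ['vpc-a', 'vpc-b', 'vpc-c', 'vpc-d'])) {
  console.log(`${r.vpcId}: ${r.status} (NAT AZs: ${r.azs.join(', ') || 'none'})`);
}
```

Note that vpc-a fails even though it has two NAT gateways: both subnets are in us-east-1a, so a zone outage still takes out all egress, which is why step 6 checks the AZ of each gateway's subnet rather than just counting gateways.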